Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- each file for the downloader ends in a signature
- signatures can be found by the hex string
- 01000000 00000000 00000000 00000000
- followed by high-entropy bytes (basically no zeroes, no readable text or repeated values nearby)
- 0x0 ... 0x2000 -> whatever, BL1
- 0x2000 ... 0x15000 -> second image (encrypted TZ/EL3?)
- 0x15000 ... 0x64000 -> ACPM and other stuff
- 0x7D000 ... 1FD000 -> BL2, the actual s-boot
- There are actually multiple images starting from 0x15000
- but there is only one signature at the end.
- 0x15000 ... 0x30c00 -> XXX
- 0x30C00 ... 0x7d000 -> YYY
- One of XXX and YYY is unknown and one is:
- ACPM (Power controller) firmware, unsigned?
- dd if=sboot.bin of=part1.bin bs=$((0x2000)) count=1
- dd if=sboot.bin of=part2.bin bs=1 skip=$((0x2000)) count=$((0x15000-0x2000))
- dd if=sboot.bin of=part3.bin bs=1 skip=$((0x15000)) count=$((0x64000-0x15000))
- dd if=sboot.bin of=part4.bin bs=1 skip=$((0x7d000)) count=$((0x1fd000-0x7d000))
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement